//package org.spring.oauth2.client.org.oauth2.security.gateway.config;
//
//import static org.springframework.security.org.oauth2.security.gateway.config.Customizer.withDefaults;
//
//import com.nimbusds.jwt.JWT;
//import com.nimbusds.jwt.JWTClaimsSet;
//import com.nimbusds.jwt.JWTParser;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.org.oauth2.security.gateway.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.core.GrantedAuthority;
//import org.springframework.security.core.authority.SimpleGrantedAuthority;
//import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
//import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
//import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
//import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
//import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
//import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
//import org.springframework.security.oauth2.core.OAuth2AccessToken;
//import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
//import org.springframework.security.oauth2.core.oidc.user.OidcUser;
//import org.springframework.security.web.SecurityFilterChain;
//
//import java.text.ParseException;
//import java.org.oauth2.security.gateway.util.Collection;
//import java.org.oauth2.security.gateway.util.HashSet;
//import java.org.oauth2.security.gateway.util.Set;
//
//@Configuration
//public class SecurityConfig {
//
//    @Bean
//    SecurityFilterChain securityFilterChain(HttpSecurity http, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
//
//        String base_uri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
//        DefaultOAuth2AuthorizationRequestResolver resolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, base_uri);
//        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
//
//        http
//                //所有请求都需经过授权认证
//                .authorizeHttpRequests(authorize -> authorize
//                        .anyRequest().authenticated())
//                //配置登录URL
//                .oauth2Login(oauth2Login ->{
//                    oauth2Login.loginPage("/oauth2/authorization/myoauth2");
//                    oauth2Login.authorizationEndpoint().authorizationRequestResolver(resolver);
//                    oauth2Login.userInfoEndpoint(userInfo -> userInfo
//                            .oidcUserService(this.oidcUserService()));
//                })
//
//                //使用默认客户端配置
//                .oauth2Client(withDefaults());
//        return http.build();
//    }
//    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
//        final OidcUserService delegate = new OidcUserService();
//
//        return (userRequest) -> {
//            OidcUser oidcUser = delegate.loadUser(userRequest);
//            OAuth2AccessToken accessToken = userRequest.getAccessToken();
//            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
//            try {
//                JWT jwt = JWTParser.parse(accessToken.getTokenValue());
//                JWTClaimsSet claimSet = jwt.getJWTClaimsSet();
//                Collection<String> userAuthorities = claimSet.getStringListClaim("authorities");
//                mappedAuthorities.addAll(userAuthorities.stream()
//                        .map(SimpleGrantedAuthority::new)
//                        .toList());
//            } catch (ParseException e) {
//                System.err.println("Error OAuth2UserService: " + e.getMessage());
//            }
//            oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
//            return oidcUser;
//        };
//    }
//}
